CN114124375A - Multi-stage key negotiation method for Internet of things environment
- Publication number
- CN114124375A
- Authority
- CN
- China
- Prior art keywords
- key
- agent
- equipment
- server
- iot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A multi-stage key negotiation method for an Internet of things environment, relating to the field of the Internet of things and data security. As the security risk to Internet of things devices increases, the question is how to let such devices securely access a server on a network while keeping performance balanced. The invention designs a new multi-stage key negotiation protocol for the Internet of things by introducing an agent. By transferring the bilinear operations to a device with stronger computing capability, the resource consumption of the Internet of things device in the key negotiation process is reduced.
Description
Technical field:
The invention mainly relates to the field of the Internet of things and data security.
Background art:
Cryptosystems commonly used in the Internet of things environment can generally be divided into certificate-based cryptosystems and certificateless cryptosystems. In a certificate-based cryptosystem, user identity authentication and management are realized by a PKI in combination with a CA. The mathematical hard problems generally employed are exponential operations, dot product operations, and the like. However, devices in the Internet of things environment are numerous and complex, so management needs to be simplified and key management overhead reduced. Shamir proposed the concept of identity-based public key cryptography, under which a user's public key is generated from the user's own public identity information, and the KGC (key generation center) generates the corresponding private key from that public information. The problem is that once the KGC is compromised, the private keys it generated become available to the attacker, causing information leakage. Al-Riyami and Paterson therefore proposed the certificateless cryptosystem, in which the private key is generated jointly by the KGC and the user. Under the certificateless cryptosystem, verifying that a private key was issued by the KGC generally relies on the properties of bilinear pairings. However, bilinear pairing computation is more expensive than other methods. In the Internet of things environment, the volume of data transmitted between nodes is huge, and node devices with limited software and hardware resources are extremely easy to attack.
Bilinear pairing computation
Let $q < 2^k$ be a large prime number, where $k$ is a security parameter; $G_1$ is an additive cyclic group of order $q$, $G_2$ is a multiplicative cyclic group of order $q$, $P$ is a generator of $G_1$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map with the following three properties.
Non-degeneracy: $e(P, P) \neq 1$.
l-ABDHE (enhanced bilinear Diffie-Hellman hardness assumption)
Summary of the invention:
Devices in the Internet of things generally have to use the properties of bilinear pairings for the calculations in the key negotiation process. However, bilinear pairing computation is more expensive than other methods. How to reduce the computational burden on Internet of things devices during cryptographic processing has long been a much-studied technical problem.
We have devised a new key agreement method based on proxy devices (a proxy device is a mobile device with powerful computing capability). The method is well suited to the Internet of things environment because the bilinear pairing operations in the key agreement process are transferred from the Internet of things device to the proxy device. This reduces the resource consumption of the Internet of things device during key agreement. Moreover, the bilinear pairing operation does not need to be simplified as in other schemes, a simplification that brings a potential reduction in security.
The method introduces proxy devices and combines two cryptosystems, PKI and KGC. To meet the security requirements of the different communication environments, the original single negotiation between the IoT device and the server is carried out in two stages (mutual authentication between the IoT device and the agent, and agent-assisted negotiation between the IoT device and the server). This reduces the computation and resource consumption of the IoT device in the negotiation process.
Drawings
FIG. 1: Scheme architecture
FIG. 2: Scheme flow
FIG. 3: First-phase authentication process between the IoT device and the proxy terminal
FIG. 4: Second-phase key negotiation between the IoT device (agent) and the server
Detailed description:
As shown in fig. 1, the multi-stage key negotiation protocol for the Internet of things environment has four participating members: vendor (PKI + KGC), IoT devices, proxies and servers. The scheme rests on the assumption that the four members themselves are trusted and that the only place where a security risk arises is the communication link used for data exchange.
The manufacturer is responsible for manufacturing IoT devices and distributing the agent application. It completes the generation of the relevant parameters (system establishment) in both the certificate-based key system and the certificateless key system and writes the parameters into the corresponding devices.
The IoT device is an Internet of things device with low power consumption and low computing capability. It needs to report data to a server through a remote network (including but not limited to WIFI, ZigBee and other protocols).
The agent is a private device of the user with high computing power (such as a smartphone), and can connect to the Internet of things device through near-field communication such as Bluetooth and NFC.
The server is the storage and computing equipment that needs the Internet of things device to provide data.
The multi-stage key negotiation protocol for the Internet of things environment aims to complete key negotiation between the Internet of things device and the server, as shown in fig. 2. The method is divided into two parts: mutual authentication between the IoT device and the proxy, and proxy-assisted negotiation between the IoT device and the server.
Phase 1: IoT device and proxy authentication
The general flow of the first stage is shown in fig. 3. The IoT device and the agent may communicate using short-range communication such as Bluetooth or ZigBee. Because near-field communication is used, the channel is comparatively safe. Based on the PKI system, a two-party key negotiation protocol with relatively low computation cost, suited to this scheme, is provided.
Since the agent device does not know all the agent devices at the time of shipment, a certificate-based cryptosystem is used to confirm the identities of both parties and to communicate with the agent device. When the IoT device leaves the factory, the manufacturer writes the root certificate into the Internet of things device. When the agent installs the management software, the manufacturer assigns a certificate and private key to each mobile device.
In the communication process between the IoT device and the agent, the agent sends the secret key issued by the manufacturer to the IoT device for authentication, which specifically comprises the following steps:
System set-up
Let $p$ be a large prime number, $G$ a cyclic group of order $p$, and $g$ its generator. A random number $x$ is generated for each device; the random number of the proxy device is denoted $x_{agent}$ and the random number of the IoT device is denoted $x_{device}$. The public key is $Y = g^x \bmod p$; the proxy device public key is denoted $Y_{agent}$ and the IoT device public key $Y_{device}$. It is required that $\gcd(x, p-1) = 1$; if not, a new private key $x$ is generated. For the proxy device and the IoT device taking part in the process, the CA issues a certificate Cert (using a standard method) to each; the certificate of the proxy device is $Cert_{agent}$ and the certificate of the IoT device is $Cert_{device}$.
Key negotiation
When the Internet of things device needs to interact with a server on the network, the proxy device is needed to assist in calculating the key, so the Internet of things device and the proxy device must carry out a key negotiation at short range. The process is initiated by the agent, which randomly selects a random number (security parameter) and calculates a value for the negotiation process, then randomly selects another random number (security parameter) and calculates two further values for the negotiation process. After the calculation is finished, the agent device sends the negotiation message $m_{agent} = (r_{agent}, t_{agent}, u_{agent}, Cert_{agent})$ to the Internet of things device.
When the Internet of things device receives the negotiation message $m_{agent}$ from the agent device, it first checks the validity of the message. That is, it performs a calculation in which $Y_{device}$ is extracted from the certificate $Cert_{device}$, and then recalculates $r_{agent}'$. If $r_{agent}' = r_{agent}$, the key negotiation message is accepted. It then calculates its own three negotiation values and returns the negotiation message $m_{device} = (r_{device}, t_{device}, u_{device}, Cert_{device})$ to the proxy device.
After the agent device receives the returned message, it calculates two values to confirm the validity of the message.
Key computation
At this point, the key agreement process of the first stage is complete, and a secure channel for short-range communication is established (any standard communication method may be used with the agreed key). The Internet of things device and the proxy device communicate in encrypted form, and the IoT device sends the proxy the parameters required for the second-stage key negotiation: the random number $x_{device}$ of the IoT device, the IoT device private key $P_D$ and $ID_D$ (defined in the key generation of stage 2).
Phase 2: IoT device and server key negotiation
The general flow of the second stage is shown in fig. 4. The negotiation between the proxy and the server takes place in a complex network environment. Considering that the server manages the Internet of things devices, a key negotiation method based on a certificateless cryptosystem and suited to this architecture is provided.
System set-up
Randomly generate cyclic groups $G_1$, $G_2$ of order $q$ and randomly select 3 generators $g_2$, $c$ and $d$, with $g_2, c, d \in G_1$. There is a bilinear pairing $e: G_1 \times G_1 \to G_2$, and the key generation function is $H: \{0,1\}^* \to \{0,1\}^l$, where $l$ is the expected session key length.
The equipment manufacturer, acting as KGC, generates and stores the KGC private key $P_{KGC}$, computes the KGC public key, and publishes the parameters $\{e, g_2, c, d, S_{KGC}, H\}$ when producing devices and authentication servers.
Key generation
The server's ID is defined by the equipment manufacturer when the server leaves the factory, as $ID_S \in Z_p$ with $ID_S \neq P_{PKG}$. The server public key is computed, the server partial private key is computed, the server randomly selects $r_s$, and the server private key $P_S = \langle r_s, h_S \rangle$ is calculated.
The IoT device's ID is defined by the equipment manufacturer when the device leaves the factory, as $ID_D \in Z_p$ with $ID_D \neq P_{PKG}$. The server public key is computed, the server partial private key is computed, the server randomly selects $r_D$, and the IoT private key $P_D = \langle r_D, h_D \rangle$ is calculated.
In addition to the public parameters, the proxy device stores the server public key $ID_S$.
Key negotiation
In the previous procedure, the IoT device authenticated the proxy device and established a secure connection with it, and notified the agent of the required IoT device random number $x_{device}$, IoT device private key $P_D$ and IoT device $ID_D$.
The proxy device calculates the values $N_{A1}$ and $N_{A2}$ generated during the negotiation.
The calculated result $N_A = \{N_{A1} \| N_{A2}\}$ is sent to the server together with the ID of the device that wants to communicate, $ID_D$.
After the server receives the request, it extracts the device ID and calculates the device public key using the server's own parameters. It then randomly selects a random number $y \in Z_p$ as the secret for this communication, and calculates the values $N_{B1}$ and $N_{B2}$ generated in the negotiation process.
$N_{B1} = S_D^{\,y}$
$N_{B2} = e(g_2, d)^y$
$N_B = N_{B1} \| N_{B2}$ is returned to the proxy device.
The proxy device calculates the intermediate values of the key calculation.
The agent device sends $ID_S \| N_A \| N_B \| K_{AB1} \| K_{AB2}$ to the IoT device through the secure short-range channel established in phase 1, and the IoT device calculates the session key
$Key = H(ID_D \| ID_S \| N_A \| N_B \| K_{AB1} \| K_{AB2})$
The server calculates the intermediate values of the key calculation
$K_{BA2} = N_{A2}^{\,y}$
The server device calculates the session key
$Key = H(ID_D \| ID_S \| N_A \| N_B \| K_{BA1} \| K_{BA2})$
It can be proved theoretically that $K_{AB1} = K_{BA1}$ and $K_{AB2} = K_{BA2}$. The IoT device and the server thus obtain a consistent session key for subsequent communications, and the scheme ends.
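The following is an added example, not part of the patent text: one way to compute Key = H(ID_D || ID_S || N_A || N_B || K_1 || K_2) with an l-byte output so that both ends hash exactly the same, unambiguous input. It assumes SHAKE-256 as H and a 4-byte length prefix on each field, neither of which the patent specifies, and all field values are constructed byte strings.

```python
import hashlib
import hmac
import struct


def encode_fields(fields):
    """Serialise each field as 4-byte big-endian length || value, so the
    boundaries between ID_D, ID_S, N_A, ... are part of the hash input."""
    out = bytearray()
    for value in fields:
        if not isinstance(value, (bytes, bytearray)):
            raise TypeError("every field must be a byte string")
        out += struct.pack(">I", len(value))
        out += value
    return bytes(out)


def derive_session_key(id_d, id_s, n_a, n_b, k1, k2, length=32):
    """Key = H(ID_D || ID_S || N_A || N_B || K1 || K2), `length` bytes long.

    Assumption: H is SHAKE-256; the patent only requires
    H: {0,1}* -> {0,1}^l.
    """
    if length < 16:
        raise ValueError("session key shorter than 128 bits")
    transcript = encode_fields([id_d, id_s, n_a, n_b, k1, k2])
    return hashlib.shake_256(transcript).digest(length)


def naive_session_key(id_d, id_s, n_a, n_b, k1, k2, length=32):
    """Same hash over the bare concatenation, kept only for comparison."""
    data = id_d + id_s + n_a + n_b + k1 + k2
    return hashlib.shake_256(data).digest(length)


def keys_agree(key_a, key_b):
    """Constant-time comparison, e.g. for a key-confirmation check."""
    return hmac.compare_digest(key_a, key_b)


# Constructed sample values (not from the patent). In a real run these
# would be the serialised group elements exchanged in phase 2.
N_A = bytes.fromhex("a1" * 16)
N_B = bytes.fromhex("b2" * 16)
K_1 = bytes.fromhex("c3" * 16)   # K_AB1 on the device side, K_BA1 on the server
K_2 = bytes.fromhex("d4" * 16)   # K_AB2 on the device side, K_BA2 on the server


def demo():
    # Both ends hold equal intermediate values, so the keys must match.
    device_key = derive_session_key(b"dev1", b"srv7", N_A, N_B, K_1, K_2)
    server_key = derive_session_key(b"dev1", b"srv7", N_A, N_B, K_1, K_2)

    # Two different identity pairs whose bare concatenation is identical:
    # "dev1" + "0srv" == "dev10" + "srv".
    pair_a = (b"dev1", b"0srv")
    pair_b = (b"dev10", b"srv")
    naive_same = naive_session_key(*pair_a, N_A, N_B, K_1, K_2) == \
        naive_session_key(*pair_b, N_A, N_B, K_1, K_2)
    framed_same = derive_session_key(*pair_a, N_A, N_B, K_1, K_2) == \
        derive_session_key(*pair_b, N_A, N_B, K_1, K_2)

    return {
        "key_length": len(device_key),
        "keys_agree": keys_agree(device_key, server_key),
        "naive_collision": naive_same,
        "framed_collision": framed_same,
    }


if __name__ == "__main__":
    print(demo())
```

Fixed-width encodings of the IDs and group elements remove the same ambiguity; the length prefix is simply the variant that works when field sizes are not fixed.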
Different cryptographic operations were simulated using the PBC library and MATLAB (the PBC library is the pairing-based cryptography library designed at Stanford University). The computer running the test had an i5-9400 CPU and 16 GB of memory.
Table 1. Time spent in 1000 different cryptographic operations
It can be seen that multiplication and exponentiation in the group take substantially the same time, whereas a bilinear pairing operation takes about 10 times as long.
Table 2. Computational burden on the IoT device in the key negotiation process
Based on the results in table 1, we count a multiplication or an exponentiation in the group as 1 time unit and a bilinear pairing as 10 time units. For the computation on the IoT device, the Gao scheme takes about 45 time units, the Gu scheme about 36 time units, and our scheme only 12 time units, which saves overhead in the IoT device's key negotiation process.
[1] G. Haiying, "Provable Secure ID-Based Authenticated Key Agreement Protocol," Journal of Computer Research and Development, vol. 08, pp. 1685-1689, 2012.
[2] G. Z. L. Dongnan, "Identity-based certificateless bilinear pairing key agreement scheme," Journal of Civil Aviation University of China, vol. 01, pp. 55-59, 2019.
Claims (1)
1. A multi-stage key agreement method for an Internet of things environment, characterized in that:
in the multi-stage key negotiation protocol for the Internet of things environment, there are four participating members: vendor (PKI + KGC), IoT devices, proxies and servers; the manufacturer is responsible for manufacturing IoT devices and distributing the agent application, and completes the generation of the related parameters, namely system establishment, in the certificate-based key system and the certificateless key system and writes the parameters into the corresponding devices;
the IoT device is an Internet of things device that needs to report data to a server through a remote network;
the agent is a high-computing-power private device of the user and is connected with the Internet of things device by close-range communication;
the server is the storage and computing equipment that needs the Internet of things device to provide data;
the method is divided into two parts: mutual authentication between the IoT device and the agent, and agent-assisted negotiation between the IoT device and the server;
1) Phase 1: IoT device and proxy authentication
the IoT device and the agent communicate by near-field communication;
since the agent device does not know all the agent devices when leaving the factory, a certificate-based cryptosystem is adopted to confirm the identities of the two parties and to communicate with the agent device; when the IoT device leaves the factory, the manufacturer writes a root certificate into the Internet of things device; when the agent installs the management software, the manufacturer distributes a certificate and a private key to each mobile device;
in the communication process between the IoT device and the agent, the agent sends the secret key issued by the manufacturer to the IoT device for authentication, which specifically comprises the following steps:
System set-up
let $p$ be a large prime number, $G$ a cyclic group of order $p$, and $g$ its generator; a random number $x$ is generated for each device, the random number of the proxy device being denoted $x_{agent}$ and the random number of the IoT device $x_{device}$; the public key is $Y = g^x \bmod p$, the proxy device public key being denoted $Y_{agent}$ and the IoT device public key $Y_{device}$, with $\gcd(x, p-1) = 1$; if not, a new private key $x$ is generated; for the agent device and the IoT device taking part in the process, the CA issues a certificate Cert to each, the certificate of the agent device being $Cert_{agent}$ and the certificate of the IoT device $Cert_{device}$;
Key negotiation
when the Internet of things device needs to interact with a server on the network, the proxy device is needed to assist in calculating the key, so the Internet of things device and the proxy device must carry out a key negotiation at short range; the process is initiated by the agent, which randomly selects a random number and calculates a value for the negotiation process, then randomly selects another random number and calculates two further values for the negotiation process; after the calculation is finished, the agent device sends the negotiation message $m_{agent} = (r_{agent}, t_{agent}, u_{agent}, Cert_{agent})$ to the Internet of things device;
when the Internet of things device receives the negotiation message $m_{agent}$ from the agent device, it first checks the validity of the message; that is, it performs a calculation in which $Y_{device}$ is extracted from the certificate $Cert_{device}$, and then recalculates $r_{agent}'$; if $r_{agent}' = r_{agent}$, the key negotiation message is accepted; it then calculates its own three negotiation values and returns the negotiation message $m_{device} = (r_{device}, t_{device}, u_{device}, Cert_{device})$ to the agent device;
after the agent device receives the returned message, it calculates two values to confirm the validity of the message;
Key computation
at this point, the key negotiation process of the first stage is complete, and a secure channel for short-range communication is established; the Internet of things device and the proxy device communicate in encrypted form, and the parameters required for the second-stage key negotiation, namely the random number $x_{device}$ of the IoT device, the IoT device private key $P_D$ and $ID_D$, are sent to the agent;
2) Phase 2: IoT device and server key negotiation
System set-up
randomly generate cyclic groups $G_1$, $G_2$ of order $q$ and randomly select 3 generators $g_2$, $c$ and $d$, with $g_2, c, d \in G_1$; there is a bilinear pairing operation $e: G_1 \times G_1 \to G_2$, and the key generation function is $H: \{0,1\}^* \to \{0,1\}^l$, where $l$ is the expected session key length;
the equipment manufacturer, acting as KGC, generates and stores the KGC private key $P_{KGC}$, computes the KGC public key, and publishes the parameters $\{e, g_2, c, d, S_{KGC}, H\}$ when producing devices and authentication servers;
Key generation
the server's ID is defined by the equipment manufacturer when the server leaves the factory, as $ID_S \in Z_p$ with $ID_S \neq P_{PKG}$; the server public key is computed, the server partial private key is computed, the server randomly selects $r_s$, and the server private key $P_S = \langle r_s, h_S \rangle$ is calculated;
the IoT device's ID is defined by the equipment manufacturer when the device leaves the factory, as $ID_D \in Z_p$ with $ID_D \neq P_{PKG}$; the server public key is computed, the server partial private key is computed, the server randomly selects $r_D$, and the IoT private key $P_D = \langle r_D, h_D \rangle$ is calculated;
in addition to the public parameters, the proxy device stores the server public key $ID_S$;
Key negotiation
in the previous procedure, the IoT device authenticated the proxy device and established a secure connection with it, and notified the agent of the required IoT device random number $x_{device}$, IoT device private key $P_D$ and IoT device $ID_D$;
the proxy device calculates the values $N_{A1}$ and $N_{A2}$ generated during the negotiation;
the calculated result $N_A = \{N_{A1} \| N_{A2}\}$ is sent to the server together with the ID of the device that wants to communicate, $ID_D$;
after the server receives the request, it extracts the device ID and calculates the device public key using the server's own parameters; it then randomly selects a random number $y \in Z_p$ as the secret for this communication, and calculates the values $N_{B1}$ and $N_{B2}$ generated in the negotiation process;
$N_{B1} = S_D^{\,y}$
$N_{B2} = e(g_2, d)^y$
$N_B = N_{B1} \| N_{B2}$ is returned to the agent device;
the proxy device calculates the intermediate values of the key calculation;
the agent device sends $ID_S \| N_A \| N_B \| K_{AB1} \| K_{AB2}$ to the IoT device through the secure short-range channel established in phase 1, and the IoT device calculates the session key
$Key = H(ID_D \| ID_S \| N_A \| N_B \| K_{AB1} \| K_{AB2})$
the server calculates the intermediate values of the key calculation
$K_{BA2} = N_{A2}^{\,y}$
the server device calculates the session key
$Key = H(ID_D \| ID_S \| N_A \| N_B \| K_{BA1} \| K_{BA2})$
it can be proved theoretically that $K_{AB1} = K_{BA1}$ and $K_{AB2} = K_{BA2}$; the IoT device and the server thus obtain a consistent session key for subsequent communications, and the method ends.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111343641.3A CN114124375B (en) | 2021-11-13 | 2021-11-13 | Multi-stage key negotiation method for Internet of things environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111343641.3A CN114124375B (en) | 2021-11-13 | 2021-11-13 | Multi-stage key negotiation method for Internet of things environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114124375A true CN114124375A (en) | 2022-03-01 |
CN114124375B CN114124375B (en) | 2024-05-24 |
Family
ID=80379574
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111343641.3A Active CN114124375B (en) | 2021-11-13 | 2021-11-13 | Multi-stage key negotiation method for Internet of things environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114124375B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115987691A (en) * | 2023-03-20 | 2023-04-18 | 成都蓝瑟回音文化传媒有限公司 | Mobile application management system and method based on cloud computing and pervasive computing |
WO2023178691A1 (en) * | 2022-03-25 | 2023-09-28 | Oppo广东移动通信有限公司 | Security implementation method and apparatus, device and network element |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017202161A1 (en) * | 2016-05-26 | 2017-11-30 | 中兴通讯股份有限公司 | Certificateless two-party authenticated key agreement method, device, and data storage medium |
CN111510291A (en) * | 2020-04-20 | 2020-08-07 | 重庆邮电大学 | Efficient identity authentication key agreement protocol based on bilinear pairings |
CN112953727A (en) * | 2021-03-02 | 2021-06-11 | 西安电子科技大学 | Internet of things-oriented equipment anonymous identity authentication method and system |
CN113572765A (en) * | 2021-07-23 | 2021-10-29 | 桂林电子科技大学 | Lightweight identity authentication key negotiation method for resource-limited terminal |
Non-Patent Citations (3)
Title |
---|
ZIPENG DIAO ET AL.: "MSKNP:Multistage Key Negotiation Protocol for IoT-Blockchain Environment", IEEE INTERNET OF THINGS JOURNAL * |
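Gu Zhaojun et al.: "Identity-based certificateless bilinear pairing key agreement scheme", Journal of Civil Aviation University of China * |
Gao Haiying: "Provably secure identity-based authenticated key agreement protocol", Journal of Computer Research and Development * |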
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023178691A1 (en) * | 2022-03-25 | 2023-09-28 | Oppo广东移动通信有限公司 | Security implementation method and apparatus, device and network element |
CN115987691A (en) * | 2023-03-20 | 2023-04-18 | 成都蓝瑟回音文化传媒有限公司 | Mobile application management system and method based on cloud computing and pervasive computing |
CN115987691B (en) * | 2023-03-20 | 2023-06-16 | 成都蓝瑟回音文化传媒有限公司 | Mobile application management system and method based on cloud computing and pervasive computing |
Also Published As
Publication number | Publication date |
---|---|
CN114124375B (en) | 2024-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102318258B (en) | The subjective entropy of identity-based | |
Wang et al. | Security analysis of a single sign-on mechanism for distributed computer networks | |
CN107437993A (en) | One kind is based on without the side's authentication key agreement method of certificate two and device | |
CN104378374A (en) | SSL-based method and system for establishing communication | |
CN114124375B (en) | Multi-stage key negotiation method for Internet of things environment | |
Luo et al. | Cross-domain certificateless authenticated group key agreement protocol for 5G network slicings | |
CN112564923B (en) | Certificateless-based secure network connection handshake method | |
Kumar et al. | Anonymous ID-based Group Key Agreement Protocol without Pairing. | |
CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
Liu et al. | pKAS: A Secure Password‐Based Key Agreement Scheme for the Edge Cloud | |
KR100456624B1 (en) | Authentication and key agreement scheme for mobile network | |
Zeng et al. | Leakage-resilient and lightweight authenticated key exchange for e-health | |
CN116232759A (en) | Mist-blockchain assisted smart grid aggregation authentication method | |
Xia et al. | Breaking and repairing the certificateless key agreement protocol from ASIAN 2006 | |
CN114785508A (en) | Heterogeneous authentication key negotiation method and system | |
Diao et al. | MSKNP: Multistage Key Negotiation Protocol for IoT-Blockchain Environment | |
CN113014376B (en) | Method for safety authentication between user and server | |
Duraisamy et al. | Supporting symmetric 128-bit AES in networked embedded systems: An elliptic curve key establishment protocol-on-chip | |
CN112738038B (en) | Key negotiation method and device based on asymmetric password authentication | |
Shim | Security analysis of various authentication schemes based on three types of digital signature schemes | |
Zhang | Authenticated Key Exchange Protocols with Unbalanced Computational Requirements | |
Jin et al. | Identity-based deniable authenticated encryption for E-voting systems | |
Gilanian Sadeghi et al. | A secure channel to improve energy cost in internet of things | |
Yu et al. | Research and design of one key agreement scheme in bluetooth | |
Han et al. | An Efficient and Secure Lightweight Certificateless Hybrid Signcryption Scheme |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||